Thursday, October 11, 2012

Facebook stalkers can find you through your phone number

OK, that's a little inflammatory, but this is still a pretty huge security hole. Typing random phone numbers into Facebook's mobile app will show you the Facebook account of anyone who uses that number. It's possible to harvest millions of numbers this way, and it appears that people may be doing exactly that.
Prakash explains how he stumbled on the idea for his exploit back in September:
About a month ago I was just browsing FB on my FB mobile application and it had an option called “Find friends using contacts”, what it does is that it compares the contact list from your phone to the FB database to see if you have any friends that are in your contacts but not on your Facebook account. I also later figured out that simply “searching” a person's phone number (including country code) will show you their account.
In other words, all you have to do is pick a random phone number, search for it on Facebook, and if the owner allows you to (and Prakash argues that most people do because Facebook’s privacy settings are confusing), you’ll see their profile, which typically includes at least their name and profile picture, if not more information. If you write code to automate the task, as Prakash did, you can create a phone book of everyone who lets you look them up on the social network with just a phone number.
As seems typical with Facebook and privacy SNAFUs, nothing seems to have been done about this.

If you want to protect yourself, instructions are here.  Or you could just not use Facebook, which works surprisingly well for me.
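
A server-side view of the automated lookups described above, as an added example that is not part of the original post or Facebook's own code: it flags clients that search for many distinct phone numbers within a short window. The log format, client IDs, thresholds and the 555-01xx numbers are constructed assumptions.

```python
from collections import defaultdict, deque

def find_enumerators(events, window_s=60, max_distinct=5):
    """Return {client: peak count of distinct numbers searched in any
    window_s-second window} for clients whose peak exceeds max_distinct.

    events: iterable of (unix_ts, client_id, phone_number), sorted by time.
    """
    recent = defaultdict(deque)                     # client -> (ts, phone) in window
    counts = defaultdict(lambda: defaultdict(int))  # client -> phone -> hits in window
    peak = defaultdict(int)
    for ts, client, phone in events:
        q, c = recent[client], counts[client]
        q.append((ts, phone))
        c[phone] += 1
        # Expire lookups that have fallen out of the sliding window.
        while q and q[0][0] <= ts - window_s:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[client] = max(peak[client], len(c))
    return {cl: p for cl, p in peak.items() if p > max_distinct}

def _num(i):
    # Constructed sample numbers in the fictional 555-01xx range.
    return "+1202555%04d" % (100 + i)

# Constructed lookup log (hypothetical format), not real data.
SAMPLE = sorted(
    # app-A: an ordinary user re-checking the same two contacts.
    [(10 * i, "app-A", _num(i % 2)) for i in range(6)]
    # app-B: one new number every second, the pattern of a scripted sweep.
    + [(i, "app-B", _num(i)) for i in range(20)]
    # app-C: eight different numbers, but 75 seconds apart.
    + [(75 * i, "app-C", _num(50 + i)) for i in range(8)]
)

if __name__ == "__main__":
    for client, distinct in find_enumerators(SAMPLE).items():
        print(f"{client}: {distinct} distinct numbers searched within 60s")
```

Counting distinct numbers rather than total requests keeps a user who repeatedly opens the same few contacts from being flagged, while a slow sweep like app-C only shows up once the window is widened.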

3 comments:

TJP said...

I don't use it either. Why anyone wouldn't demand payment from Face/boot in exchange for their time to enter there personal information--which is being treated as exclusive property and being sold--that's just beyond me.

Your attention is a scarce resource, people. Demand payment from surveyors, advertisers, social "network" scammers in exchange for your time.

TJP said...

I charge ten cents per homophone correction.

Ian Argent said...

I use facebook because it's a way to keep up on the doings of family, friends, and acquaintances. I don't put anything on facebook that I wouldn't discuss in a crowded restaurant in a dining booth, or wouldn't discuss in the work cafeteria. I had long since locked down the information on here to my friends (except acquaintances) list; and I am somewhat selective of who I make connections with on FB - unless there's a good reason, I have to have met you in person before accepting or offering a friend request. Those people, by and large, already know what I have put on facebook, and even then I am a tad cautious just in case an account is compromised. (No vacation status updates until I'm home, etc).

I do get compensation from Facebook in exchange for their marketing of me - their services are free. TANSTAAFL, folks.